python312Packages.tempita: drop nose dependency #330004

Closed
wants to merge 1 commit into from

Sigmanificient
Member

@Sigmanificient Sigmanificient commented Jul 25, 2024

Description of changes

part of:

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

Member

@emilazy emilazy left a comment

There’s a 2021 upstream release that seems to support Python 3, maybe we should switch to that rather than using this random fork if we want to keep this package?

However, the only reverse dependency in‐tree is python3Packages.sqlalchemy-migrate, which is marked broken because it doesn’t support newer SQLAlchemy versions. Perhaps we should simply drop instead.

@Sigmanificient
Member Author

The Bitbucket link in the repo description seems to 404 on my side, which might be the reason the fork was chosen.
Well, the fact that it has no maintainers is an argument in favor of dropping it?

@emilazy
Member

emilazy commented Jul 27, 2024

Ah, the thing from 2021 is just a wheel of a version from 2013. Weird.

I favour dropping this and sqlalchemy-migrate. I was going to cite the small list of reverse dependencies on Wheelodex that I remembered seeing when I left my last comment but it looks like I made the site fall over by using it too much.

However, openlp depends on sqlalchemy-migrate. It is on an outdated version, and the latest upstream release does not use the dependency any more. So we’d have to bump that, or drop the package, which would be unfortunate as it seems like an actively‐maintained end‐user application.

@jorsn Would you be willing to update openlp to help unblock this?

@mweinelt
Member

  • sqlalchemy-migrate has been marked broken ever since we moved to 3.11 898955e
  • qtwebkit was marked vulnerable in 2022/11 a505704
  • openlp hasn't been updated once since it was introduced in 2020

I think it is safe to remove, since nobody cared about its dependency chain being broken and vulnerable.

@Sigmanificient
Member Author

Doesn't qtwebkit have quite a few deps?

@emilazy
Member

emilazy commented Jul 29, 2024

It has a handful, but ~nobody can use them, because Hydra won’t build insecure packages and anyone who overrides that warning to build an insecure unmaintained web browser engine themselves can just maintain it out-of‐tree if they really want to. They should all be updated or removed, basically (probably removed, since it means nobody has noticed they’re broken or stepped up to maintain them since).

Closing in favour of #330855, but thank you!

@emilazy emilazy closed this Jul 29, 2024
@Sigmanificient
Member Author

Sigmanificient commented Jul 29, 2024

rip small pr

3 participants